We explored the common pain points that SASE solves and its key use cases.
Once you have opted to deploy SASE, what are the key considerations that should guide your SASE implementation? What are the factors to take into consideration before and during a SASE deployment?
SASE deployments can be complex initiatives with pre-determined milestones and progressive phases of implementation. It is helpful to understand how to deploy SASE effectively to achieve a truly converged network and security architecture which simplify network management and costs, and enhances security, connectivity, and performance. Here are the key points to consider before and during a SASE deployment.
Assess your infrastructure and identify key use cases
To understand how to deploy SASE according to your organisation’s unique requirements, you can start by conducting an assessment of your current network and security architecture. An important step in the assessment is identifying where SASE can provide the most value.
Essentially you should identify the most potent SASE use cases based on current requirements and understand the potential pitfalls of the deployment as well as the organisational and infrastructural limitations.
The analysis will help you understand the critical resources and capabilities that your organisation requires to effectively deploy SASE and a modern converged architecture for your network and security infrastructure.
The assessment also helps you understand the on-premises network hardware that can possibly be replaced in favour of cloud-based capabilities or reducing the number of appliances. Yet another factor that should come up from the analysis is which security capabilities need to be moved to the cloud or retained on-premises.
The gap analysis helps understand where your network and security teams will need most support from a specialised SASE provider. In addition, ensuring that the right cross-functional capabilities exist across the security and networking teams which have different skill sets and traits ensures smooth SASE deployment.
Deployment priorities will vary according to the industry in which organisations operate in. For instance, when you consider data privacy, the requirements of healthcare organisations are going to be different from manufacturing companies.
Develop a SASE roadmap and deploy progressively
Development of a SASE roadmap with key milestones for a progressive phased deployment of SASE is typically the next outcome of the assessments and gap analysis.
Since SASE deployments are complex and protracted affairs, what companies typically do is to develop a roadmap to determine the overall shape of the deployment, define the key milestones and phases, and then back fill or retrospectively complete the roadmap-defined stages as the migration gradually progresses.
While deploying SASE, the best way to ensure an immediate impact on reducing risk and mitigating known vulnerabilities is to control application-level access as opposed to network level access. This means starting with Zero Trust Network Access (ZTNA) as the entry point into the SASE framework.
The next step is enforcing a Software-Defined Wide Area Network (SD-WAN). Thereafter, you can create an engine to enforce security policies utilising Firewall as a Service (FWaaS), Secure Web Gateway (SWG) and a Cloud Access Security Broker (CASB).
After assessing the number of point solutions that you already have for security and networking, it is important to understand how many of those you can consolidate and move to the cloud. This exercise will allow you to not only reduce complexity by leveraging a single pane of glass to manage your infrastructure in the cloud, but also reduce costs significantly.
Running a trial proof of concept (POC) will be useful in ensuring that all the SD-WAN and security capabilities or secure service edge (SSE) that you require for SASE are indeed manageable from a single pane of glass in the cloud.
Always keep in mind what SASE is and what it isn’t
SASE is not about converging multiple point solutions in the name of converging networking and security. SASE ultimately has to deliver a unified cloud-centric service for networking and security at scale. In addition, it is worth remembering that mere integration also is not convergence.
Adding additional networking capabilities or security functions through new tools for SASE defeats its very purpose because it only adds to the point solution sprawl. In addition to the chore of integrating and managing all the new tools you are also deprived of a single pane of glass control in the cloud to manage SASE.
Questions to address while operationalising SASE
When you operationalise SASE, there are several skills, resources, and tools required to efficiently manage it. Understanding the external support requirements to operationalise SASE helps in identifying and consolidating SASE solutions providers. Several questions might pop up while building customisable and repeatable SASE processes:
- Do you need to adjust change processes?
- How capable are your internal resources in trouble shooting SASE challenges?
- What is the extent of visibility that SASE offers now?
- Do you need to hire the services of a SASE provider to optimise SASE?
Customise SASE according to budget and business requirements
It is essential that the SASE operations team has the expertise to troubleshoot both security and network issues. You will also be required to make changes to your SASE environment as your business requirements change. Continuously addressing these changes while iteratively adjusting the SASE framework is important to successful outcomes.
The flexibility of SASE allows you to customise it according to your current business requirements. SASE can be gradually introduced across your key use cases. The framework can co-exist with your existing legacy networking and security infrastructure. Customising the SASE deployment according to your business requirements is key to success with SASE.
While rolling out SASE progressively, it is key to stick to the defined architecture to avoid falling into the tool sprawl trap. Having all capabilities at hand and selecting capabilities according to requirements at each phase is the way to go about a SASE deployment.
Typically, not all solutions providers are able to meet the full spectrum of SASE requirements. So, it is important to carefully evaluate providers with a broad set of capabilities. They should ideally have a well-established ecosystem of partners in their network to make the SASE solutions comprehensive. While some might be specialised in security, others may have strong networking capabilities. To help you in your selection process, we have 12 frequently asked questions covered in a blog post: 12 Questions You Should Ask a SASE Provider.
If you’re ready to get started on your SASE journey, we can help you do that.
As a leader in the 2022 Gartner® Magic Quadrant for Network Services, Global with a diverse network across APAC, Lumen has a robust record in supporting enterprises with their networking needs.
For a deep dive into adoption of SASE, watch our 6 steps to simplified SASE adoption webinar right now. Alternatively, you can contact us to arrange a SASE consultation with one of our technical experts.